CRITICALVulnerability
Global

MFA Prompt Bombing: Why Your Second Factor Isn't Saving You

·Source: The Hacker News

Updated:

Executive Summary

Multi-factor authentication (MFA) was supposed to close a critical gap in identity security. It meant that, even if an attacker possessed the account credentials, they couldn't log in without the second factor. While that logic was sound, attackers have now figured out that they don't need to steal the second factor: they just need the user to hand it over. If your workforce authenticates with

Analysis

Multi-factor authentication (MFA) was supposed to close a critical gap in identity security. It meant that, even if an attacker possessed the account credentials, they couldn't log in without the second factor. While that logic was sound, attackers have now figured out that they don't need to steal the second factor: they just need the user to hand it over. If your workforce authenticates with
Source Attribution

Originally published by The Hacker News on May 26, 2026.

Related Threats

MEDIUMVulnerability

YARA-X 1.17.0 Release, (Sun, May 31st)

YARA-X&&#x23&#x3b;x26&#x3b;&#x23&#x3b;39&#x3b;s 1.17.0 release brings 5 improvements (several performance improvements) and 1 bugfix.

SANS ISC
LOWVulnerability

WP Maps Pro bug exploited to create admin accounts on WordPress sites

Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue administrator accounts without authentication. [...]

BleepingComputer
MEDIUMVulnerability

Click Or Trick (CVE-2025-59199): Escaping the Sandbox with Windows URIs

[object Object]

CVE-2025-59199
r/blueteamsec